package net.jforum.util;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.Vector;
import net.jforum.exceptions.ForumException;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;
import org.apache.xml.serializer.SerializerConstants;
import org.htmlparser.Attribute;
import org.htmlparser.Node;
import org.htmlparser.Tag;
import org.htmlparser.lexer.Lexer;
import org.htmlparser.nodes.TextNode;

/* loaded from: input_file:WEB-INF/lib/jforum-framework-1.2.1.jar:net/jforum/util/SafeHtml.class */
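/**
 * Allow-list based HTML sanitizer for user-supplied markup.
 *
 * <p>The permitted tags, attributes and link protocols are read once, at class
 * initialisation, from {@link SystemGlobals}. Anything that is not explicitly
 * permitted is either escaped (tags) or dropped (attributes).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The allow-lists are only as strict as the configuration. An empty or
 *       malformed list entry must never widen what is accepted, which is why
 *       blank entries are discarded while loading.</li>
 *   <li>{@code HREF} and {@code SRC} values are accepted only if they start
 *       with a configured protocol or, when enabled, are site-relative.</li>
 *   <li>The {@code STYLE} check only rejects values containing {@code '('};
 *       NOTE(review): that is a narrow filter - confirm it matches the
 *       deployment's threat model before adding {@code STYLE} to the
 *       configured attribute list.</li>
 * </ul>
 */
public class SafeHtml {
    private static final Set<String> welcomeTags = new HashSet<>();
    private static final Set<String> welcomeAttributes = new HashSet<>();
    private static final Set<String> allowedProtocols = new HashSet<>();

    static {
        splitAndTrim(ConfigKeys.HTML_TAGS_WELCOME, welcomeTags);
        splitAndTrim(ConfigKeys.HTML_ATTRIBUTES_WELCOME, welcomeAttributes);
        splitAndTrim(ConfigKeys.HTML_LINKS_ALLOW_PROTOCOLS, allowedProtocols);
    }

    /**
     * Loads a comma-separated configuration value into {@code set}, upper-cased
     * and trimmed.
     *
     * <p>Blank entries (an empty value, or stray commas such as {@code "a,,b"})
     * are skipped. A blank entry in the protocol list would otherwise match
     * every link, because every string starts with the empty string.
     *
     * @param str configuration key to look up in {@link SystemGlobals}
     * @param set destination set; left untouched when the key has no value
     */
    private static void splitAndTrim(String str, Set<String> set) {
        String value = SystemGlobals.getValue(str);
        if (value == null) {
            return;
        }
        // Locale.ROOT keeps the case mapping stable regardless of the JVM's default locale.
        for (String token : value.toUpperCase(Locale.ROOT).split(",")) {
            String entry = token.trim();
            if (!entry.isEmpty()) {
                set.add(entry);
            }
        }
    }

    /**
     * Re-serialises {@code str} with unsafe attributes removed from every tag.
     *
     * <p>Unlike {@link #makeSafe(String)}, tags themselves are not filtered and
     * the attribute allow-list is not applied; only the safety checks in
     * {@code isAttributeSafe} are enforced.
     *
     * @param str HTML fragment; {@code null} or empty input is returned as is
     * @return the fragment with unsafe attributes dropped
     * @throws ForumException if the fragment cannot be parsed
     */
    public String ensureAllAttributesAreSafe(String str) {
        // Same contract as makeSafe: nothing to sanitise, and no NullPointerException on null.
        if (str == null || str.length() == 0) {
            return str;
        }
        StringBuilder out = new StringBuilder(str.length());
        try {
            Lexer lexer = new Lexer(str);
            for (Node node = lexer.nextNode(); node != null; node = lexer.nextNode()) {
                if (node instanceof Tag) {
                    Tag tag = (Tag) node;
                    checkAndValidateAttributes(tag, false);
                    out.append(tag.toHtml());
                } else {
                    out.append(node.toHtml());
                }
            }
            return out.toString();
        } catch (Exception e) {
            throw new ForumException("Problems while parsing HTML: " + e, e);
        }
    }

    /**
     * Sanitises an HTML fragment against the configured allow-lists.
     *
     * <p>Text nodes are kept, with {@code <}, {@code >} and {@code "} escaped
     * when the text contains an angle bracket. Allowed tags are kept with their
     * attributes filtered. Every other node has its angle brackets escaped so
     * that it is rendered as text instead of being interpreted as markup.
     *
     * @param str HTML fragment; {@code null} or empty input is returned as is
     * @return the sanitised fragment
     * @throws ForumException if the fragment cannot be parsed
     */
    public String makeSafe(String str) {
        if (str == null || str.length() == 0) {
            return str;
        }
        StringBuilder out = new StringBuilder(str.length());
        try {
            Lexer lexer = new Lexer(str);
            for (Node node = lexer.nextNode(); node != null; node = lexer.nextNode()) {
                boolean isText = node instanceof TextNode;
                if (isText) {
                    String text = node.toHtml();
                    if (text.indexOf('>') > -1 || text.indexOf('<') > -1) {
                        node.setText(text
                                .replace("<", SerializerConstants.ENTITY_LT)
                                .replace(">", SerializerConstants.ENTITY_GT)
                                .replace("\"", SerializerConstants.ENTITY_QUOT));
                    }
                }
                // isTagWelcome also filters the tag's attributes, so it must run before toHtml().
                if (isText || ((node instanceof Tag) && isTagWelcome(node))) {
                    out.append(node.toHtml());
                } else {
                    out.append(node.toHtml()
                            .replace("<", SerializerConstants.ENTITY_LT)
                            .replace(">", SerializerConstants.ENTITY_GT));
                }
            }
            return out.toString();
        } catch (Exception e) {
            throw new ForumException("Error while parsing HTML: " + e, e);
        }
    }

    /**
     * Tells whether a tag is on the allow-list and, if so, filters its
     * attributes in place.
     *
     * @param node a node that the caller has already checked to be a {@link Tag}
     * @return {@code true} if the tag name is allowed
     */
    private boolean isTagWelcome(Node node) {
        Tag tag = (Tag) node;
        if (!welcomeTags.contains(tag.getTagName())) {
            return false;
        }
        checkAndValidateAttributes(tag, true);
        return true;
    }

    /**
     * Replaces the tag's attribute list with the subset that passes validation.
     *
     * <p>Attributes without a name or without a value are always kept;
     * presumably these are the tag-name and whitespace entries htmlparser stores
     * in the same list - confirm against the parser version in use. For the
     * remaining attributes, {@code &#} in an accepted value is rewritten to
     * {@code &amp;#} so that numeric character references are not decoded by
     * the browser.
     *
     * @param tag           tag whose attributes are filtered in place
     * @param checkIfIsWelcome when {@code true}, the attribute name must also be on
     *                      the configured attribute allow-list
     */
    private void checkAndValidateAttributes(Tag tag, boolean checkIfIsWelcome) {
        // htmlparser's setAttributesEx expects a Vector.
        Vector<Attribute> kept = new Vector<>();
        for (Object item : tag.getAttributesEx()) {
            Attribute attribute = (Attribute) item;
            String name = attribute.getName();
            String value = attribute.getValue();
            if (name == null || value == null) {
                kept.add(attribute);
                continue;
            }
            String upperName = name.toUpperCase(Locale.ROOT);
            String lowerValue = value.toLowerCase(Locale.ROOT);
            if (checkIfIsWelcome && !isAttributeWelcome(upperName)) {
                continue;
            }
            if (!isAttributeSafe(upperName, lowerValue)) {
                continue;
            }
            if (value.indexOf("&#") > -1) {
                attribute.setValue(value.replace("&#", "&amp;#"));
            }
            kept.add(attribute);
        }
        tag.setAttributesEx(kept);
    }

    /**
     * @param str upper-cased attribute name
     * @return {@code true} if the attribute is on the configured allow-list
     */
    private boolean isAttributeWelcome(String str) {
        return welcomeAttributes.contains(str);
    }

    /**
     * Applies the safety rules that hold regardless of the allow-list.
     *
     * <p>Rejected: any attribute whose name starts with {@code ON} (event
     * handlers), any value containing a line feed, carriage return or NUL,
     * {@code HREF}/{@code SRC} values that fail {@code isHrefValid}, and
     * {@code STYLE} values containing {@code '('}.
     *
     * @param str  upper-cased attribute name
     * @param str2 lower-cased attribute value
     * @return {@code true} if the attribute may be kept
     */
    private boolean isAttributeSafe(String str, String str2) {
        boolean isEventHandler = str.length() >= 2 && str.charAt(0) == 'O' && str.charAt(1) == 'N';
        if (isEventHandler) {
            return false;
        }
        if (str2.indexOf('\n') > -1 || str2.indexOf('\r') > -1 || str2.indexOf('\0') > -1) {
            return false;
        }
        if ("HREF".equals(str) || "SRC".equals(str)) {
            return isHrefValid(str2);
        }
        if ("STYLE".equals(str)) {
            return str2.indexOf('(') <= -1;
        }
        return true;
    }

    /**
     * Checks a link target against the relative-link setting and the protocol
     * allow-list.
     *
     * <p>A site-relative target must start with a single {@code '/'}. Targets
     * starting with {@code "//"} or {@code "/\"} are scheme-relative references
     * to another host, not paths on this site, so they are not treated as
     * relative. Values containing a tab are rejected because URL parsers ignore
     * tab characters, which makes a prefix check on the raw value unreliable.
     *
     * @param str lower-cased attribute value
     * @return {@code true} if the target is acceptable
     */
    private boolean isHrefValid(String str) {
        if (str.indexOf('\t') > -1) {
            return false;
        }
        if (SystemGlobals.getBoolValue(ConfigKeys.HTML_LINKS_ALLOW_RELATIVE)
                && str.length() > 0 && str.charAt(0) == '/') {
            boolean schemeRelative = str.length() > 1
                    && (str.charAt(1) == '/' || str.charAt(1) == '\\');
            if (!schemeRelative) {
                return true;
            }
        }
        for (String protocol : allowedProtocols) {
            // Defensive: an empty prefix would match every value.
            if (!protocol.isEmpty() && str.startsWith(protocol.toLowerCase(Locale.ROOT))) {
                return true;
            }
        }
        return false;
    }
}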
